Commentary

Hacked Equifax Suffers A Big Hit To Its Credibility Score

Equifax, which not only stores extremely sensitive financial data for 820 million consumers, 91 million businesses and 7,100 employers worldwide but also markets credit-monitoring and
identity-theft protection products, disclosed yesterday that hackers had gained access to the records of about
143 million U.S. consumers from the middle of May through the end of July.

The Atlanta-based company says the intruders could see customers’ names, Social Security numbers, birth
dates and addresses — as well as some driver’s license numbers — but that it “has found no evidence of unauthorized activity on Equifax's core consumer or commercial credit
reporting databases.”

“This is the nightmare scenario — all four pieces of information in one place,” John Ulzheimer, a credit specialist and former
manager at Equifax, tells the
Wall Street Journal’s AnnaMaria Andriotis and Ezequiel Minaya.

“The incident comes at a time of heightened sensitivity to cyberattacks
in the political, commercial and personal realms, especially in the wake of presumed Russian interference in the U.S. presidential election last year,” they write.

“This is
about as bad as it gets,” Pamela Dixon, executive director of the World Privacy Forum, tells the New
York Times. “If you have a credit report, chances are you may be in this breach. The chances are much better than 50%.”

All told, the number of American consumers
affected constitutes about 44% of the U.S. population,” NPR’s Colin Dwyer points out. “Equifax did not explain why
more than two months passed before it discovered the hack, which also affected an unspecified number of consumers from Canada and the U.K..” he adds.

“This is clearly
a disappointing event for our company, and one that strikes at the heart of who we are and what we do. I apologize to consumers and our business customers for the concern and frustration this
causes,” Equifax chairman and CEO Richard F. Smith says in the news release announcing the hack. He somberly elaborates on what happened,
and what Equifax is doing about it, in a 2:37 video.

Equifax has established www.equifaxsecurity2017.com and a call
center at 866-447-7559 to help consumers determine if their information has been potentially impacted and to sign up for credit file monitoring and a free year of its credit protection service. But
this remedy “falls short of what consumers really need, because their information can be bought and sold by hackers for years to come,” consumer credit expert John Ulzheimer tells the
NYT’s Tara Siegel Bernard, Tiffany Hsu, Nicole Perlroth and Ron Lieber.

CNET’s Sharon Profis points out that “Equifax's enrollment program doesn't explicitly tell you if your data was a part
of the breach. The company only makes it clear to those who weren't exposed. It's confusing.” She cites a couple of additional perceived shortcomings of the program and suggests additional steps
consumers should take to protect their data.

Law enforcement officials have been notified and Equifax has hired a “leading cyber-security firm to conduct a forensic review
to determine the scope of the intrusion,” Equifax CEO Smith tells us in the video.

Adding to the tarnish to its image, three top Equifax executives — including CFO
John Gamble — sold shares roughly worth a combined $1.8 million within a few days of the discovery of the breach.

“The three ‘sold a small percentage of
their Equifax shares,’” spokeswoman Ines Gutzmer said in a statement emailed to
Bloomberg’s Anders Melin. They ‘had no knowledge that an intrusion had occurred at the time.’” Melin points out, though, that “none of
the filings lists the transactions as being part of 10b5-1 scheduled trading plans.”

Gamble sold shares worth $946,374, U.S. information solutions president Joseph Loughran
sold shares worth $584,099, and workforce solutions president Rodolfo Ploder sold shares worth $250,458, according to regulatory filings.

“The breach also took in what
Equifax called ‘limited personal information’ about some U.K. and Canadian residents — a fact that means the company has to now deal with regulators in those countries, too. The firm
said it had no evidence that information for other countries' citizens was compromised,” David Meyer reports for Fortune.

Meanwhile, security experts
seem to be going out of the to not minimize the severity of the situation.

“This is a security risk for any and every website that anyone uses,"
Christopher O'Rourke, founder and CEO of cybersecurity firm Soteria, tells CNBC’s Todd
Haselton. “Most often, security questions to access those websites use that data, like a previous address, so this becomes an open-source intelligence nightmare…. It's
nasty.”

1 comment about "Hacked Equifax Suffers A Big Hit To Its Credibility Score".

May their ivory tower executives have to live over a gas station with their families on minimum wage with no benefits for the rest of their lives. They intentionally did not want to spend on the proper security measures and until such mooks have to personally pay by having to live in that apartment, nothing will change.